PT-2021-11617 · Geeni · Geeni Gnc-Cw013

Published

2021-01-26

Updated

2021-02-03

CVE-2020-28998

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Geeni GNC-CW013 doorbell version 1.8.1

Description: A remote attacker can take full control of the device with a high-privileged account due to a vulnerability in the Telnet service. This issue arises because a system account has a default and static password.

Recommendations: For Geeni GNC-CW013 doorbell version 1.8.1, consider changing the default password of the system account to prevent exploitation. As a temporary workaround, restrict access to the Telnet service until a patch is available.

Fix

Using Hardcoded Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-798

Related Identifiers

CVE-2020-28998

Affected Products

Geeni Gnc-Cw013

PT-2021-11617 · Geeni · Geeni Gnc-Cw013

CVE-2020-28998

Weakness Enumeration

Related Identifiers

Affected Products

References · 4